Vulnerability intelligence
CVE-2026-26980
Official description is being retrieved from NVD — refresh shortly.
CVSS Score
9.4
Critical
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
Patch available
Vendor fix published
6 articles across 5 outlets · first covered May 25, 2026 · latest May 31, 2026
Associated threat actors
Coverage timeline
-
Ghost CMS mass hack via CVE-2026-26980 fuels ClickFix attack wavesecurityaffairs.com · May 31, 2026
-
Global Ghost CMS Poisoning Campaign Exploits Enterprise Blogssecurityonline.info · May 27, 2026
-
Hackers Hijack 700+ Sites via Ghost CMS SQLi Flaw CVE-2026-26980www.malwarebytes.com · May 26, 2026
-
Ghost CMS SQL flaw lets attackers hijack 700+ sites, steal keyssecurityaffairs.com · May 25, 2026
-
Ghost CMS CVE-2026-26980 SQLi Triggers Attack on 700 Siteswww.securityweek.com · May 25, 2026
-
CVE-2026-26980 flaw hijacks 700+ Ghost sites for click fraudthehackernews.com · May 25, 2026